AWS GuardDuty – Intelligent Threat Detection

January 4, 2018

Threats to your IT infrastructure come in all forms. The online world is not always a trustworthy place, so you need to make sure that you have the right tools, knowledge, and perspective to keep your IT infrastructure safe and sound.

Amazon GuardDuty aims to give you that in abundance. It is a security service that specializes in detecting suspicious API activity and traffic in customers’ AWS environments. It uses machine learning to identify unusual behavior and alert customers to certain classes of potentially malicious activity.

Amazon GuardDuty offers an intelligent threat discovery service. It lets AWS users monitor their AWS accounts for unexpected and unusual behavior by analyzing existing logs such as VPC Flow Logs, CloudTrail event logs, and DNS logs. It evaluates data from multiple feeds with a focus on threat detection, looking for anomalies and known malicious sources such as URLs and IP addresses.

The service is powered by machine learning, which continuously evolves and learns your infrastructure. Amazon GuardDuty looks for anomalous patterns within your AWS account that could point to potential threats to your environment. These threats might be behavior-based, where a resource has been compromised or credentials have been exposed, or they might be unexpected API calls that sit outside security best practices, or even communications from suspicious sources.

Using threat detection feeds, which can be generated from public sources or provided from within AWS itself, the service provides automatic and continuous security analysis to safeguard your entire AWS environment.

One-click deployment with no additional software or infrastructure to deploy and manage.

Accessing AWS GuardDuty

GuardDuty can be accessed in any of the following ways:

GuardDuty Console

AWS SDK

GuardDuty HTTPS API
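
The SDK route in practice, as an added example that is not from the original article: a boto3 helper that pages through a detector's findings and returns the high-severity ones for triage. The function names and the severity threshold of 7 are this example's assumptions; the client object is passed in so the logic can be exercised against a stub without AWS credentials.

```python
"""Added example: pull high-severity GuardDuty findings through the AWS SDK (boto3)."""


def chunks(items, size):
    """Yield successive slices; GetFindings accepts at most 50 IDs per call."""
    for i in range(0, len(items), size):
        yield items[i:i + size]


def high_severity_findings(client, min_severity=7):
    """Return summaries of findings at or above min_severity for every
    detector in the client's region, most severe first.

    min_severity=7 is this example's threshold, not a value from the article.
    """
    criteria = {"Criterion": {"severity": {"GreaterThanOrEqual": min_severity}}}
    summaries = []
    for detector_id in client.list_detectors().get("DetectorIds", []):
        finding_ids, token = [], None
        while True:  # follow NextToken until the listing is exhausted
            kwargs = {"DetectorId": detector_id, "FindingCriteria": criteria}
            if token:
                kwargs["NextToken"] = token
            page = client.list_findings(**kwargs)
            finding_ids.extend(page.get("FindingIds", []))
            token = page.get("NextToken")
            if not token:
                break
        for batch in chunks(finding_ids, 50):
            resp = client.get_findings(DetectorId=detector_id, FindingIds=batch)
            for f in resp.get("Findings", []):
                summaries.append({
                    "id": f["Id"],
                    "type": f["Type"],
                    "severity": f["Severity"],
                    "resource": f.get("Resource", {}).get("ResourceType", "unknown"),
                    "region": f.get("Region", "unknown"),
                })
    return sorted(summaries, key=lambda s: s["severity"], reverse=True)


if __name__ == "__main__":
    import boto3  # needs AWS credentials allowed to list and get GuardDuty findings

    for s in high_severity_findings(boto3.client("guardduty")):
        print(f'{s["severity"]:>4} {s["type"]} ({s["resource"]}, {s["region"]})')
```

GuardDuty is a regional service, so the helper only sees the region the client was created for; run it once per enabled region to cover an account.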

How GuardDuty Works

Available Regions

Currently, Amazon GuardDuty is supported in the following AWS regions:

Asia Pacific: Mumbai, Seoul, Singapore, Sydney and Tokyo

Canada: Central

EU: Frankfurt, Ireland, and London

US East: N. Virginia and Ohio

US West: Oregon and N. California

South America: Sao Paulo

Royal Cyber & AWS Security

Customers that work with Royal Cyber will get access to AWS GuardDuty automatically through its cloud management platform, which will centralize data from AWS GuardDuty and allow customers to quickly control how notifications are distributed. Royal Cyber’s AWS Certified Professionals will receive these notifications and respond immediately to shield customer environments.

When customers work with Royal Cyber, their environments are instantly integrated with dozens of AWS security services, including AWS GuardDuty, CloudTrail, CloudWatch, EC2 Systems Manager, and more. Our AWS experts do the hard work of scrutinizing and integrating these services to keep up with the pace of new cloud product releases, so that customers benefit immediately from the latest improvements.